Method for realizing security isolation of vehicle-mounted internal and external networks based on TEE
Technical Field
The invention relates to the technical field of information security of mobile equipment, and in particular to a method for realizing security isolation of vehicle-mounted internal and external networks based on a TEE.
Background
TEE is the abbreviation of Trusted Execution Environment. A present-day TEE is mainly built on a secure area of the processor in a smart terminal (such as a smart phone); it is an independent execution area that provides security attributes such as isolation and integrity, and it also protects the code and data loaded into it. Traditional TEE technologies include ARM TrustZone and the like. GlobalPlatform (GP), an international standards organization, has published the basic protection scope of the TEE together with the related API interfaces and security attributes; a TEE conforming to that standard is called a GP TEE. The security level of the TEE lies between that of a Rich Execution Environment (REE) and that of a Secure Element (SE). An application running on the REE is regarded as an untrusted application (UTA), and an application running in the TEE is regarded as a trusted application (TA).
Ethernet is a computer local area network technology. With the application of 5G and the rapid development of the computing power and hardware of intelligent connected vehicle processors, the demand for network bandwidth has increased correspondingly. With the vehicle-mounted central gateway platform as the core, Ethernet is gradually being adopted as the backbone network that connects all domain controllers together and serves as the channel for transmitting internal and external data; the internal and external driver protocols carry the receiving and sending of that data, so network security becomes ever more important. The vehicle-mounted central gateway platform is connected to a TBOX, which communicates with the backend over a 4G/5G network, and the platform is connected to all electronic control units (ECUs) through an internal driver protocol. Both the internal and the external driver protocol enter the vehicle-mounted central gateway platform, and the data is transmitted through the driver protocols of the Linux kernel.
At present, the vehicle-mounted central gateway platform communicates with the outside through an external driver protocol and with the internal electronic control units (ECUs) through an internal driver protocol; the external and internal driver protocols share one driver protocol in the Linux kernel, and the data is finally delivered to the vehicle-mounted applications (Vehicle Application).
Disclosure of Invention
In view of the technical problems in the related art, the invention provides a method for realizing security isolation of vehicle-mounted internal and external networks based on a TEE, which improves the security of the vehicle-mounted central gateway platform and of the Internet of Vehicles by solving the problem of resource isolation between the external access network and the internal access network.
To achieve this technical purpose, the technical scheme of the invention is realized as follows. A method for realizing security isolation of vehicle-mounted internal and external networks based on a TEE is applicable to a vehicle-mounted central gateway platform that supports a rich execution environment (REE) and a trusted execution environment (TEE), and specifically comprises the following steps:
S1, the vehicle-mounted central gateway platform comprises an external access network and an internal access network; the external access network enters the REE directly, and the REE reaches an untrusted application (UTA) through the external driver protocol of the Linux kernel;
S2, the internal access network enters the TEE directly, and the TEE reaches a trusted application (TA) through the internal driver protocol of the Linux kernel;
S3, the vehicle-mounted central gateway platform adopts a Linux kernel; through the Linux kernel it trims and ports the transmission data of the REE into the TEE, and the vehicle-mounted applications of the Linux kernel are divided into an untrusted application UTA and a trusted application TA.
According to another aspect of the present invention, the external access network in S1 further comprises:
S1.1, the external access network cannot directly access any resource of the TEE through the Linux kernel, and cannot reach across the isolation between the data resources of the external access network and those of the internal access network.
According to another aspect of the present invention, the internal access network in S2 further comprises:
S2.1, establishing a communication connection between the vehicle-mounted central gateway platform and the electronic control units (ECUs) based on the internal access network, and establishing a secure communication connection between the internal access network and each ECU.
According to another aspect of the present invention, the vehicle-mounted central gateway platform in S3 further comprises:
S3.1, since the vehicle-mounted central gateway platform, the TEE and the REE are all built on a Linux kernel, the Linux kernel mechanisms of the REE and the TEE are the same, and the consistency of the Linux kernel mechanisms is maintained;
S3.2, the transmission data path of the internal driver protocol of the REE is trimmed and ported directly into the TEE.
According to another aspect of the present invention, connecting the vehicle-mounted central gateway platform with the internal and external access networks in S3 further comprises:
S3.3, the vehicle-mounted central gateway platform is connected to a TBOX through the external access network, and the TBOX communicates with the backend over a 4G/5G network;
S3.4, the vehicle-mounted central gateway platform is communicatively connected to the electronic control units (ECUs) through the internal access network and a CAN bus.
According to another aspect of the present invention, trimming and porting the transmission data of the REE into the TEE based on the Linux kernel in S3 further comprises:
S3.5, finely trimming the Linux kernel of the REE, trimming and porting the finely trimmed Linux kernel into the TEE, and at the same time ensuring the consistency of the kernel mechanisms of the REE and the TEE;
S3.6, trimming and porting the external driver protocol of the REE directly into the TEE, without developing the internal driver protocol of the TEE again;
S3.7, dividing the applications of the Linux kernel into an untrusted application UTA and a trusted application TA: if the external access network directly accesses the untrusted application UTA, that part of the Linux kernel is assigned to the REE, and if the internal access network directly accesses the trusted application TA, that part is assigned to the TEE;
S3.8, restricting direct access by the external driver protocol of the REE by configuring the security attribute of the internal driver protocol of the TEE;
S3.9, delivering the transmission data that enters through the external access network to the untrusted application UTA through the external driver protocol of the REE;
S3.10, delivering the transmission data that enters through the internal access network to the trusted application TA through the internal driver protocol of the TEE;
S3.11, when transmission data is sent through the internal driver protocol to a trusted application TA inside the TEE, identity authentication of the TEE is required;
S3.12, the external driver protocol sends the transmission data to the vehicle-mounted central gateway platform through the external access network.
The beneficial effects of the invention are as follows. In view of the defects of the prior art, the method has the following beneficial effects:
1) Security: in the gateway of the invention, the Linux kernel is divided into a trusted domain and an untrusted domain, and the Linux kernel applications are divided into a trusted application TA and an untrusted application UTA; the external driver protocol and the internal driver protocol in the Linux kernel run on the same homologous Linux kernel; the framework assigns the external access network to the untrusted domain and the internal access network to the trusted domain. Dual-domain isolation of the Linux kernel, application isolation and network data isolation are thereby realized, so that even if the external network is at risk of intrusion, the resources of the trusted domain cannot be damaged, and the security of the central gateway is improved as a whole;
2) Portability: the secure domain and the non-secure domain use the same homologous Linux kernel, which improves the maintenance efficiency of the Linux kernel; the internal and external access networks use the same network protocol driver, which greatly improves porting efficiency and allows synchronized upgrades;
3) The TEE-based application solves the problem of resource isolation between the external access network and the internal access network, improves the security of the vehicle-mounted central gateway platform and of the Internet of Vehicles, and has practical application prospects.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a structural block diagram of a method for implementing vehicle-mounted internal and external network security isolation based on TEE according to an embodiment of the present invention;
Fig. 2 is a flow chart of a method for implementing vehicle-mounted internal and external network security isolation based on TEE according to an embodiment of the present invention;
Fig. 3 is a block diagram of the flow of trimming and porting the transmission data in the method for implementing vehicle-mounted internal and external network security isolation based on TEE according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present invention.
As shown in Figs. 1 to 3, the method for implementing security isolation of a vehicle internal network and a vehicle external network based on a TEE according to an embodiment of the present invention is applicable to a vehicle-mounted central gateway platform that supports a rich execution environment REE and a trusted execution environment TEE, and specifically includes the following steps:
step one, the vehicle-mounted central gateway platform comprises an external access network and an internal access network; the external access network enters the REE directly, the REE reaches an untrusted application UTA through the external driver protocol of the Linux kernel, and the external access network cannot directly access any resource of the TEE through the Linux kernel, nor reach across the isolation between the data resources of the external access network and those of the internal access network;
step two, the internal access network enters the TEE directly, the TEE reaches a trusted application TA through the internal driver protocol of the Linux kernel, a communication connection between the vehicle-mounted central gateway platform and the electronic control units (ECUs) is established based on the internal access network, and a secure communication connection is established between the internal access network and each ECU;
step three, the vehicle-mounted central gateway platform adopts a Linux kernel; through the Linux kernel it trims and ports the transmission data of the REE into the TEE, and the vehicle-mounted applications of the Linux kernel are divided into an untrusted application UTA and a trusted application TA; this step further comprises:
firstly, since the vehicle-mounted central gateway platform, the TEE and the REE are all built on a Linux kernel, the Linux kernel mechanisms of the REE and the TEE are the same, and the consistency of the Linux kernel mechanisms is maintained;
secondly, the transmission data path of the internal driver protocol of the REE is trimmed and ported directly into the TEE;
thirdly, the vehicle-mounted central gateway platform is connected to a TBOX through the external access network, and the TBOX communicates with the backend over a 4G/5G network;
fourthly, the vehicle-mounted central gateway platform is communicatively connected to each electronic control unit ECU through the internal access network and a CAN bus;
fifthly, the Linux kernel of the REE is finely trimmed, the finely trimmed Linux kernel is trimmed and ported into the TEE, and at the same time the consistency of the kernel mechanisms of the REE and the TEE is ensured;
sixthly, the external driver protocol of the REE is trimmed and ported directly into the TEE, without developing the internal driver protocol of the TEE again;
seventhly, the applications of the Linux kernel are divided into an untrusted application UTA and a trusted application TA: if the external access network directly accesses the untrusted application UTA, that part of the Linux kernel is assigned to the REE, and if the internal access network directly accesses the trusted application TA, that part is assigned to the TEE;
eighthly, direct access by the external driver protocol of the REE is restricted by configuring the security attribute of the internal driver protocol of the TEE;
ninthly, the transmission data that enters through the external access network is delivered to the untrusted application UTA by the external driver protocol of the REE;
tenthly, the transmission data that enters through the internal access network is delivered to the trusted application TA by the internal driver protocol of the TEE;
eleventhly, when transmission data is sent through the internal driver protocol to the trusted application TA inside the TEE, identity authentication of the TEE must be performed;
twelfthly, the external driver protocol sends the transmission data to the vehicle-mounted central gateway platform through the external access network.
In summary, with the above technical solution of the present invention, the method isolates the trusted area of the TEE within the vehicle-mounted central gateway platform on the basis of the TEE application: the external driver protocol runs in the original Linux kernel and the internal driver protocol runs in the TEE, that is, the external driver protocol and the internal driver protocol are isolated from each other; the external driver protocol cannot access the resources of the internal driver protocol, while the internal driver protocol can communicate with the outside through the external driver protocol, so that an external network is prevented from illegally intruding into the internal driver protocol. The TEE adopts a Linux kernel homologous with that of the vehicle-mounted central gateway platform, so the original network driver is ported quickly, porting difficulty is reduced, and maintenance is easy;
the applications of the Linux kernel are divided into an untrusted application UTA and a trusted application TA, and the trusted application TA runs directly on the Linux kernel of the TEE side through the internal driver protocol, without secondary development;
the REE and the TEE both support the internal driver protocol and the external driver protocol; the external driver protocol on the REE side is ported directly into the TEE without secondary development, which improves the stability and development efficiency of the directly ported driver protocol.
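The dual-domain dispatch of steps S3.7 to S3.12 (steps seven to twelve above), modelled as an added Python example that is not part of the patent; the access-network labels, the two domains, the HMAC-based stand-in for the TEE identity authentication and its key are all assumptions made for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

EXTERNAL, INTERNAL = "external", "internal"  # the two access networks (steps S1, S2)
REE, TEE = "REE", "TEE"                       # the two Linux kernel domains (step S3.7)

# Stand-in for the TEE identity credential of step S3.11 (constructed, hypothetical).
TEE_IDENTITY_KEY = b"constructed-demo-key"


@dataclass
class Frame:
    network: str        # access network the frame arrived on
    payload: bytes
    tag: bytes = b""    # TEE identity tag; only the internal path carries one


@dataclass
class Gateway:
    uta_inbox: list = field(default_factory=list)  # untrusted application, REE side
    ta_inbox: list = field(default_factory=list)   # trusted application, TEE side
    outbound: list = field(default_factory=list)   # data leaving via the external network
    log: list = field(default_factory=list)

    @staticmethod
    def domain_of(network):
        """S3.7: internal network maps to the TEE; anything else is treated as untrusted (REE)."""
        return TEE if network == INTERNAL else REE

    def external_driver(self, frame):
        """S3.9: the REE external driver protocol delivers to the UTA only."""
        self.uta_inbox.append(frame.payload)
        return "UTA"

    def internal_driver(self, frame, caller_domain):
        """S3.8 and S3.11: refuse callers outside the TEE domain, then authenticate before delivery."""
        if caller_domain != TEE:
            self.log.append(f"denied: {caller_domain} domain may not call the internal driver")
            return "DENIED"
        expected = hmac.new(TEE_IDENTITY_KEY, frame.payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, frame.tag):
            self.log.append("denied: TEE identity authentication failed")
            return "DENIED"
        self.ta_inbox.append(frame.payload)
        return "TA"

    def receive(self, frame):
        """Dispatch an arriving frame to the driver of its own domain (S3.7 to S3.11)."""
        domain = self.domain_of(frame.network)
        if domain == REE:
            return self.external_driver(frame)
        return self.internal_driver(frame, caller_domain=domain)

    def send_out(self, payload):
        """S3.12: data from the trusted side leaves through the external driver protocol."""
        self.outbound.append(payload)
        return len(self.outbound)


def make_internal_frame(payload):
    """Build an internal-network frame carrying the TEE identity tag (constructed sample)."""
    tag = hmac.new(TEE_IDENTITY_KEY, payload, hashlib.sha256).digest()
    return Frame(INTERNAL, payload, tag)
```

A frame from the external access network never reaches `internal_driver` through `receive`, and a direct call from the REE domain is refused by the security attribute before any authentication runs.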
The method and the device-readable storage medium for implementing security isolation between internal and external networks on a vehicle based on TEE provided by the present application have been described in detail above. Specific examples are applied herein to illustrate the principles and embodiments of the present application, and the description of the embodiments is only intended to help understand the method and the core idea of the present application. It should be noted that those skilled in the art may make several modifications and variations to the present application without departing from its principles, and these also fall within the scope of the claims of the present application; any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the present invention should be included in the scope of the present invention.
It is further noted that, in the present specification, relational terms such as first and second, and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or apparatus that comprises the element.